Crypto economics is a new discipline born after the rise of virtual
currencies and distributed ledger technologies, and is rapidly
developing in a unique intersection between computing, cryptography,
law, economics, and game theory. The school aims at disseminating
knowledge about the foundations and the applications of these
technologies to researchers, PhD students, scholars and technologists in
industry and academia, not excluding under- or new graduates with strong
technical drive and a sufficient background.

SCHOOL VENUE

The school will be hosted at the Technology Park of Sardinia in Pula﻿
(Sardinia, Italy).
Travel and accommodation information are available on the school website.

SCHOOL FEES

The registration and attendance is FREE of charge. However, as we may
not be able to accommodate all the applicants, the attendees will be
selected by the scientific committee on a CV best-match basis. This
implies that candidates showing the attitude to receive the most value
from the lectures will be given higher priority. The school plans for a
maximum of 38 attendees with a quota of 12 seats reserved to scholars
coming from CRS4, University of Cagliari and from SMEs located in
Sardinia. Should this quota remain unfilled, the remainder seats will be
redistributed to waitlisted participants.

SCHOOL DATES

Prospective participants should apply through the school web page by April 15, 2018Notification of accepted applicants will be posted by April 31, 2018School dates June 12-15, 2018

Abstract. Albeit the primary usage of Bitcoin is to exchange currency, its blockchain and consensus mechanism can also be exploited to securely execute some forms of smart contracts. These are agreements among mutually distrusting parties, which can be automatically enforced without resorting to a trusted intermediary. Over the last few years a variety of smart contracts for Bitcoin have been proposed, both by the academic community and by that of developers. However, the heterogeneity in their treatment, the informal (often incomplete or imprecise) descriptions, and the use of poorly documented Bitcoin features, pose obstacles to the research.

In this paper we present a comprehensive survey of smart contracts on Bitcoin, in a uniform framework. Our treatment is based on a new formal specification language for smart contracts, which also helps us to highlight some subtleties in existing informal descriptions, making a step towards automatic verification. We discuss some obstacles to the diffusion of smart contracts on Bitcoin, and we identify the most promising open research challenges.

Abstract. We propose a formal model of Bitcoin transactions, which is
sufficiently abstract to enable formal reasoning, and at the
same time is concrete enough to serve as an alternative
documentation to Bitcoin. We use our model to formally prove
some well-formedness properties of the Bitcoin blockchain, for
instance that each transaction can only be spent once. We
release an open-source tool through which programmers can write
transactions in our abstract model, and compile them into
standard Bitcoin transactions.

Abstract. Modern cryptocurrencies exploit decentralised blockchains to record a public and unalterable history of transactions. Besides transactions, further information is stored for different, and often undisclosed, purposes, making the blockchains a rich and increasingly growing source of valuable information, in part of difficult interpretation. Many data analytics studies have been carried out, mostly based on specifically designed and ad-hoc engineered approaches. We propose a general-purpose framework, seamlessly supporting data analytics on both Bitcoin and Ethereum — currently the two most prominent cryptocurrencies. Such a framework allows us to integrate relevant blockchain data with data from other sources, and to organise them in a database, either SQL or NoSQL. Our framework is released as an open-source Scala library, a mainstream Java-like programming language. We illustrate the distinguishing features of our approach on a set of significant use cases, which allow us to empirically compare ours to other competing proposals, and evaluate the impact of the database choice on scalability.

Abstract. Timed session types formalise timed communication protocols between two
participants at the endpoints of a session. They feature a decidable compliance
relation, which generalises to the timed setting the progress-based compliance
between untimed session types. We show a sound and complete technique to decide
when a timed session type admits a compliant one. Then, we show how to
construct the most precise session type compliant with a given one, according
to the subtyping preorder induced by compliance. Decidability of subtyping
follows from these results.

Abstract: The BIX protocol is a blockchain-based protocol that allows distribution of certificates linking a subject with his public key, hence providing a service similar to that of a PKI but without the need of a CA. In this seminar I will present an analysis of the security of the BIX protocol in a formal way. First, I will identify formal security assumptions which are well-suited to this protocol. Second, I will present some attack scenarios against the BIX protocol. Finally, I will provide a formal security proof that these attacks are not feasible under our previously established assumptions.

Abstract.In
recent work we have extended multiparty session types (MPST) with
a model of time borrowed from Communicating Time Automata (CTA). This
allowed us to establish a sound and complete correspondence between timed
MPST and a subclass of CTA that satisfies progress. On the basis of
this
correspondence, we can decide properties on CTA that are undecidable in
the general case, such as safety (absence of orphan messages and
communication mismatches), progress, non-zenoness and eventual reception
of messages sent. I will present decidable conditions
for these properties, and give a concrete procedure to build *when
possible* global timed MPST from (arbitrary) collections of timed
automata, with the guarantee that the resulting global specification is a
well-behaved composition.

Abstract. Smart contracts are computer programs that can be consistently executed by a
network of mutually distrusting nodes, without the arbitration of a trusted
authority. Because of their resilience to tampering, smart contracts are
appealing in many scenarios, especially in those which require transfers of
money to respect certain agreed rules (like in financial services and in
games). Over the last few years many platforms for smart contracts have been
proposed, and some of them have been actually implemented and used. We study
how the notion of smart contract is interpreted in some of these platforms.
Focussing on the two most widespread ones, Bitcoin and Ethereum, we quantify
the usage of smart contracts in relation to their application domain. We also
analyse the most common programming patterns in Ethereum, where the source code
of smart contracts is available.

Abstract. The Bitcoin protocol allows to save arbitrary data on the blockchain through
a special instruction of the scripting language, called OP_RETURN. A growing
number of protocols exploit this feature to extend the range of applications of
the Bitcoin blockchain beyond transfer of currency. A point of debate in the
Bitcoin community is whether loading data through OP_RETURN can negatively
affect the performance of the Bitcoin network with respect to its primary goal.
This paper is an empirical study of the usage of OP_RETURN over the years. We
identify several protocols based on OP_RETURN, which we classify by their
application domain. We measure the evolution in time of the usage of each
protocol, the distribution of OP_RETURN transactions by application domain, and
their space consumption.